Archive for the ‘News’ Category

JANET CSIRT is hiring

News (2/3/10, 14:48)

A vacancy has arisen in the team. We are looking for someone with solid networking and security skills, with knowledge of Linux or Windows administration, and great communication skills to join our team.

Further information on the job and the application process are available.

More on the University of Exeter outbreak

Advisories, News (29/1/10, 18:01)

We are now able to confirm that the malware infected systems through the vulnerability highlighted in our previous e-mail. Further details and an update for this Windows Vista vulnerability can be found at

http://support.microsoft.com/kb/975517

Microsoft and Symantec performed an analysis of the malware, and updated Symantec definitions now detect it as a generic ‘downloader’.

There is no reason to suspect that this malware poses a specific threat to other JANET connected sites, and we have not seen any infections elsewhere. It is worth mentioning a few best practices that limit your risk to this and similar infections:

- Ensure that operating systems are kept fully patched
- Ensure that anti-virus definitions are kept up to date
- By default, block Windows LAN service ports at your network border

University of Exeter malware outbreak

News (21/1/10, 13:03)

As you may have heard the University of Exeter has been dealing with a malware outbreak. The virus appears to be unknown, certainly to Symantec and Trend, and was first detected by high levels of traffic on their network and onto JANET. Whilst the malware has not yet been analysed it appears to have aspects of both a Trojan and a “dropper”.

The malware appears to exploit Windows Vista systems and early indications are that installing Microsoft update KB975517 prevents infection. It is not yet certain if the update provides complete protection.

http://support.microsoft.com/kb/975517

The outbreak is currently being investigated by Symantec and Microsoft and we hope to have further information within a few days.

Conficker statistics

News (16/12/09, 16:30)

The Shadowserver Foundation have produced a set of statistics that detail the number of infections of the Conficker infections per ASN. The statistics for JANET (ASN 786) look promising. Bearing in mind that the large increase in infections coincides with the start of the academic year, and that numbers will start to naturally decrease towards the holiday period, the overall trend still appears to be downward. The numbers are very favorable compared to similarly sized commercial providers.

JANET CSIRT have more information on Conficker, how to detect and investigation infections and protect your network.

Image provided by shadowserver.org

Image provided by Shadowserver.org

Continued Phishing Attacks

News (23/11/09, 17:38)

We continue to see a number of suprisingly successful phishing attacks against academic e-mail addresses. The attackers send their targets customised e-mails redirecting them to a professional looking website asking for their e-mail account details.

The current trend is for the website to be hosted with a third party company that provides free web forms to web site authors. The page is usually convincing but the URL is usually questionable. Please make sure that your users know that you will never ask them for their password, and how they can spot the more obvious fraudulent e-mails and URLs.

 

 

 

 

Privacy Policy | Web Admin
© The JNT Association,
JANET(UK), Lumen House, Library Avenue
Harwell Science and Innovation Campus, Didcot, Oxfordshire
OX11 0SG